CoSign: Collaborative Single Sign-On  
AnnouncementsDiscussion
 

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: logout vbscript



Jarod,

I ended up going with the cosignlogout.dll. It works nicely, but in order to get it working on Windows 2003, I had to make it a Web Service Extension. You may want to add that to the documentation.. Other than that, it works perfectly!

Thanks a lot!
Chris

jarod@xxxxxxxxx wrote:


The fundamental issue with VBScript is that it helpfully *cough* encodes hyphens
to %2D. The following all that needs to be done to delete the service cookie
before logging out:


<%
   Session.Abandon

   'get cosign cookie name as string
   cosignCookie = CStr(Request.ServerVariables("HTTP_COSIGN_SERVICE"))
   Response.Cookies(cosignCookie)="null"

   Response.Redirect(
"https://weblogin.umich.edu/cgi-bin/logout?https://www.umich.edu/"; )

%>

You can look at your cookies, Firefox is helpful here, and see that you'll have
a cookie such as cosign%2dsomeservice set to "null".


If anybody out there knows how to tell ASP that a hyphen really is a hyphen,
please share.


I wrote a cosignlogout.dll to handle logging out:
http://www.umich.edu/~umweb/software/cosign/download.html

David's approach of deleting the cookie cached on the server works well, too. It also takes care of cleaning up the cached cookies, which is a nice side
effect. :)


--Jarod


Quoting "Sweetman, David" <dsweetma@xxxxxxxxxxxx>:


Chris - What if you also delete the server-side cookie?  Here's a code
snippet that does that via VBScript:

Servicename = "InsertYourCoSignServiceNameHere"
Servername = "InsertYourServerNameHere"

s= request.ServerVariables(2)
buf = split(s,chr(10))
 for each b in buf
   if instr(b,"; " & ServiceName)>0 then
      ck = Right(b, Len(b) - Instr(b, Servername & "=") - 10)
      ck = Left(ck, (Len(ck) - 1))
   end if
 next
set fs = server.CreateObject("Scripting.FileSystemObject")
dirPath = "C:\Program Files\CoSign\CookieDB\"

pt = dirPath & ck
if (fs.fileexists(pt)) then
  fs.deletefile(pt)
end if



David Sweetman
Windows Enterprise Systems Administrator
Michigan Administrative Information Services
University of Michigan

-----Original Message-----
From: Christopher Lafty [mailto:chl114@xxxxxxx]
Sent: Tuesday, November 01, 2005 9:01 PM
To: Malestein, Jarod Douwe
Cc: chrislafty@xxxxxxx; cosign-discuss@xxxxxxxxx
Subject: Re: logout vbscript

Yep, it's in the same directory as my cosign protected application...

-C

jarod@xxxxxxxxx wrote:


Chris,


I haven't had a chance to try out your script yet. It certainly looks


like it's
doing all the right things!  Just to be sure, the logout script is
behind a
cosign-protected URL, right?

--Jarod

Quoting Christopher Lafty <chl114@xxxxxxx>:

I'm trying to build a logout script in vbscript, but it doesn't seem

to

function.  Here it is:
<%
   Session.Abandon

   'get cosign cookie name as string
   cosignCookie =

CStr(Request.ServerVariables("HTTP_COSIGN_SERVICE"))


Response.Cookies(cosignCookie)="null" Response.Cookies(cosignCookie).Expires = Date()-1000 Response.Cookies(cosignCookie).Domain ="/" Response.Cookies(cosignCookie).Secure=True

   Response.redirect "https://webaccess.psu.edu/cgi-bin/logout";
%>

Any takers? I would use php or perl, but don't have the option.

Thanks,
Chris

--







.....................................
:: Christopher Lafty
:: Web Site Administrator
:: Department of Biology
:: Pennsylvania State University
:: chrislafty@xxxxxxx
.....................................










--








.....................................
:: Christopher Lafty
:: Web Site Administrator
:: Department of Biology
:: Pennsylvania State University
:: chrislafty@xxxxxxx
.....................................









--








.....................................
:: Christopher Lafty
:: Web Site Administrator
:: Department of Biology
:: Pennsylvania State University
:: chrislafty@xxxxxxx
.....................................



 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010